PatchSiren

CVE-2026-13552 itsourcecode CVE debrief

CVE-2026-13552 is a SQL injection vulnerability in itsourcecode Online Hotel Management System 1.0. It affects the request handler at /admin/mod_amenities/controller.php?action=edit and can be exploited remotely. An exploit is public and may be used. The vulnerability has a CVSS score of 5.5 and a severity of MEDIUM. The vendor is recorded as Unknown Vendor and the product as itsourcecode Online Hotel Management System 1.0.

Vendor: itsourcecode
Product: Online Hotel Management System
CVSS: MEDIUM 5.5
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-06-29
Original CVE updated: 2026-06-29
Advisory published: 2026-06-29
Advisory updated: 2026-06-29

Who should care

Security teams and administrators responsible for itsourcecode Online Hotel Management System 1.0 should prioritize patching this vulnerability to prevent potential SQL injection attacks. Additionally, security teams should monitor for potential exploitation attempts and review system logs for suspicious activity. This vulnerability may be of interest to attackers due to its remote exploitability and public exploit availability.

Technical summary

The vulnerability is caused by a lack of input validation on the amen_id argument handled by /admin/mod_amenities/controller.php?action=edit. An attacker can inject malicious SQL through this argument to manipulate the database. The CVSS vector is CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X. The weakness is classified as CWE-74 and CWE-89.

Defensive priority

Patching the vulnerability is the top priority. Security teams should also monitor system logs for suspicious activity and review system configurations to ensure they are not exposed to unnecessary risk.

Recommended defensive actions

  • Patch the vulnerability by applying the vendor's remediation
  • Monitor system logs for suspicious activity
  • Review system configurations to ensure they are not exposed to unnecessary risk
  • Implement additional security controls to prevent SQL injection attacks
  • Conduct a thorough review of the system to identify potential vulnerabilities
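
One way to carry out the log monitoring recommended above, as an added example (not PatchSiren's or the vendor's code): a Python filter over web access logs that flags edit requests to the amenities controller whose amen_id is not a plain integer. It assumes Combined Log Format and that amen_id is normally a numeric ID; it only sees query-string values, so amen_id sent in a POST body needs application or WAF logging instead. The sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/admin/mod_amenities/controller.php"  # path from the advisory

# Combined Log Format: client IP, then the quoted request line, then status.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def suspicious_requests(lines):
    """Return (ip, status, decoded amen_id) for action=edit requests
    whose amen_id is not a plain integer (assumed normal form)."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable access-log line
        url = urlsplit(m["target"])
        # endswith() tolerates installs under a sub-directory.
        if not url.path.endswith(ENDPOINT):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes
        if "edit" not in params.get("action", []):
            continue
        for value in params.get("amen_id", []):
            if not re.fullmatch(r"\d{1,10}", value):
                hits.append((m["ip"], int(m["status"]), value))
    return hits

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [29/Jun/2026:10:01:02 +0000] "GET /admin/mod_amenities/controller.php?action=edit&amen_id=4 HTTP/1.1" 200 512',
    '203.0.113.9 - - [29/Jun/2026:10:03:10 +0000] "GET /hotel/admin/mod_amenities/controller.php?action=edit&amen_id=4%27 HTTP/1.1" 500 0',
    '203.0.113.9 - - [29/Jun/2026:10:03:12 +0000] "GET /admin/mod_amenities/controller.php?action=delete&amen_id=x HTTP/1.1" 200 10',
    '198.51.100.2 - - [29/Jun/2026:10:04:00 +0000] "POST /admin/mod_amenities/controller.php?action=edit HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} status={status} amen_id={value!r}")
```

Hits that returned a 5xx status or came from an unauthenticated client are the ones to triage first.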

Evidence notes

The vulnerability was detected in itsourcecode Online Hotel Management System 1.0. An exploit is public and may be used. The vendor is recorded as Unknown Vendor and the product as itsourcecode Online Hotel Management System 1.0. The CVSS score is 5.5 and the severity is MEDIUM.

This article is AI-assisted and based on the supplied source corpus.